A bipartisan group of senators last Thursday introduced a bill that would require the Department of Homeland Security to establish a federally-funded Cybersecurity State Coordinator program, providing an official in every state to work across all levels of government and other organization to help prevent cyber security threats.
“Cyber security for state and local governments is just as important as federal cyber security, and frequently, they lack the resources, technical know-how, and situational awareness to secure their systems, or respond in the event of an attack,” Sen. Rob Portman (R-Ohio), a co-sponsor of the bill, said in a statement last Friday. “This bipartisan bill, which creates a Cybersecurity State Coordinator position, would help bolster state and local governments’ cyber security by facilitating their relationship with the federal government to ensure they know what preventative resources are available to them as well as who to turn to if an attack occurs.”
The Cybersecurity State Coordinator Act of 2020 (S. 3207) directs the DHS Cybersecurity and Infrastructure Security Agency to manage the program. The five-page bill was sponsored by Maggie Hassan (D-N.H.), and includes Portman, John Cornyn (R-Texas), and Gary Peters (D-Mich.) as co-sponsors, all of whom are members of the Homeland Security and Governmental Affairs Committee.
The bill lists eight duties for the state coordinators including building relationships across federal and non-federal entities to help establish governance structures; serving as the principle federal cyber security risk adviser between the states and federal government; helping with information sharing, understanding cyber security risks and the federal resources available to non-federal entities; developing with training and exercises to promote resilience and recovery from incidents such as ransomware; being the primary contact within the federal government for non-federal entities to work with the federal government on preparing for, and managing responses to, cyber incidents, helping these entities develop vulnerability disclosure programs; and helping in other ways to manage cyber security risks.
“When New Hampshire’s Strafford County and Sunapee School District were hit by ransomware attacks this past year, officials had systems in place to mitigate damage,” Hassan said in a statement. “But as they made clear to me, the federal government needs to do more to ensure that state and local entities have the resources and training that they need to prevent and respond to cyberattacks.”